From fd7067649a04275bbd0617eb5fc12d66e804c15b Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Tue, 3 Dec 2019 09:06:13 -0600 Subject: [PATCH] Elasticsearch: Remove unnecessary rbac definitions This removes the cluster role definition from the Elasticsearch component templates, as these are not needed for the service to function correctly. Change-Id: I671272affbed8984a47121187024e4b831937123 Signed-off-by: Steve Wilkerson --- .../templates/deployment-client.yaml | 35 ------------------- elasticsearch/templates/statefulset-data.yaml | 35 ------------------- .../templates/statefulset-master.yaml | 35 ------------------- 3 files changed, 105 deletions(-) diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index a327157ff7..9e2bf20e81 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -25,41 +25,6 @@ limitations under the License. {{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-client" }} {{ tuple $envAll "elasticsearch_client" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: run-elasticsearch-client -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ $serviceAccountName }} - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ $serviceAccountName }} -rules: - - nonResourceURLs: - - / - verbs: - - get - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - get ---- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index c68fe0399b..8fcfad60af 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -25,41 +25,6 @@ limitations under the License. {{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-data" }} {{ tuple $envAll "elasticsearch_data" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: run-elasticsearch-data -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ $serviceAccountName }} - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ $serviceAccountName }} -rules: - - nonResourceURLs: - - / - verbs: - - get - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - get ---- apiVersion: apps/v1 kind: StatefulSet metadata: diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index e257c1ea66..0a4b2abf5c 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -24,41 +24,6 @@ limitations under the License. {{- $serviceAccountName := "elasticsearch-master" }} {{ tuple $envAll "elasticsearch_master" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: run-elasticsearch-master -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ $serviceAccountName }} - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ $serviceAccountName }} -rules: - - nonResourceURLs: - - / - verbs: - - get - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - apiGroups: - - apps - resources: - - statefulsets/status - verbs: - - get ---- apiVersion: apps/v1 kind: StatefulSet metadata: